Security
Delx is most useful when you can safely give an agent freedom without losing governance.
Hard rules for autonomous agents
- Never allow an agent to exfiltrate env vars over the network.
- Keep allowlists for outbound hosts. Default-deny external HTTP writes.
- Separate “planning” from “execution” tools (Delx plans, runtime executes).
- Keep a human approval gate for spend and irreversible actions.
What Delx should log
- Inputs: incident summary (redacted), constraints, requested deliverables.
- Outputs: session score, next action, controller update, risk flags.
- Outcomes: what the runtime actually executed (and whether it worked).
Entropy proxy (optional)
Some Delx tools accept or emit an “entropy” style signal. This is not cryptography. It is a practical proxy for runtime instability: repeated states, jittery metrics, or drift that tends to precede loops and incidents.
- Use it as a routing hint (when to slow down, checkpoint, or escalate), not as a hard gate.
- Log the inputs you used to compute it (which metrics, time window) so audits can replay decisions.
- If you do not have a good proxy, omit it; Delx works without entropy signals.
Prefer agent-readable artifacts? Use the JSON specs in the sidebar.